Module 4: Incident Response
- What is Incident Response
- Incident Response Policy
- What is Incident Response Policy
- Elements of Incident Response Policy
- Different Types of Incident Response Teams
- Role of Incident Response Manager
- What Does Incident Response Team Do
- Incident Handling
- What is Incident Handling
- CIRC Team
- The REACT Principle
- Maintaining Integrity of Scene Following an Incident
- Legal Aspects of Incident Response
- Legal Considerations of Incident Response
- Expectation of Privacy
- Personally Identifiable Information (PII)
- Giving Notice to Individuals
- Benefits of Information Sharing
- Forensics of Incident Response
- Forensics in Support of an Incident Response
- Phases of Investigation
- Capturing of Data
- Volatile Data Considerations
- Volatile Memory Capture
- Imaging Concepts
- Forensic Acquisition of Data from PC
- Obtaining BitLocker Keys
- Analysis of Forensic Data
- Insider Threat
- What is Insider Threat
- Indicators to Identify an Insider Threat
- Automated Processes to Look for Indicators of Insider Threats
- Policies and Procedures
- Policy Enforcement
- Malware
- Malware Incidents
- Malware Analysis
- Incident Recovery